generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add -timeout option to ocsp utility.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2006-07-17 13:26:54 +00:00
parent c1c6c0bf45
commit 454dbbc593
2 changed files with 96 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -4,7 +4,8 @@
Changes between 0.9.8b and 0.9.9 [xx XXX xxxx] Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
*) Non-blocking OCSP request processing. *) Non-blocking OCSP request processing. Add -timeout option to ocsp
utility.
[Steve Henson] [Steve Henson]
*) Allow digests to supply their own micalg string for S/MIME type using *) Allow digests to supply their own micalg string for S/MIME type using

100
apps/ocsp.c
View File

@ -86,6 +86,8 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port); static BIO *init_responder(char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
OCSP_REQUEST *req, int req_timeout);
#undef PROG #undef PROG
#define PROG ocsp_main #define PROG ocsp_main
@ -112,6 +114,7 @@ int MAIN(int argc, char **argv)
BIO *acbio = NULL, *cbio = NULL; BIO *acbio = NULL, *cbio = NULL;
BIO *derbio = NULL; BIO *derbio = NULL;
BIO *out = NULL; BIO *out = NULL;
int req_timeout = -1;
int req_text = 0, resp_text = 0; int req_text = 0, resp_text = 0;
long nsec = MAX_VALIDITY_PERIOD, maxage = -1; long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL; char *CAfile = NULL, *CApath = NULL;
@ -153,6 +156,22 @@ int MAIN(int argc, char **argv)
} }
else badarg = 1; else badarg = 1;
} }
else if (!strcmp(*args, "-timeout"))
{
if (args[1])
{
args++;
req_timeout = atol(*args);
if (req_timeout < 0)
{
BIO_printf(bio_err,
"Illegal timeout value %s\n",
*args);
badarg = 1;
}
}
else badarg = 1;
}
else if (!strcmp(*args, "-url")) else if (!strcmp(*args, "-url"))
{ {
if (args[1]) if (args[1])
@ -730,12 +749,8 @@ int MAIN(int argc, char **argv)
sbio = BIO_new_ssl(ctx, 1); sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio); cbio = BIO_push(sbio, cbio);
} }
if (BIO_do_connect(cbio) <= 0)
{ resp = query_responder(bio_err, cbio, path, req, req_timeout);
BIO_printf(bio_err, "Error connecting BIO\n");
goto end;
}
resp = OCSP_sendreq_bio(cbio, path, req);
BIO_free_all(cbio); BIO_free_all(cbio);
cbio = NULL; cbio = NULL;
if (!resp) if (!resp)
@ -1225,4 +1240,77 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 1; return 1;
} }
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
OCSP_REQUEST *req, int req_timeout)
{
int fd;
int rv;
OCSP_REQ_CTX *ctx = NULL;
OCSP_RESPONSE *rsp = NULL;
fd_set confds;
struct timeval tv;
if (req_timeout != -1)
BIO_set_nbio(cbio, 1);
rv = BIO_do_connect(cbio);
if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
{
BIO_puts(err, "Error connecting BIO\n");
return NULL;
}
if (req_timeout == -1)
return OCSP_sendreq_bio(cbio, path, req);
if (BIO_get_fd(cbio, &fd) <= 0)
{
BIO_puts(err, "Can't get connection fd\n");
goto err;
}
ctx = OCSP_sendreq_new(cbio, path, req, -1);
if (!ctx)
return NULL;
for (;;)
{
rv = OCSP_sendreq_nbio(&rsp, ctx);
if (rv != -1)
break;
FD_ZERO(&confds);
FD_SET(fd, &confds);
tv.tv_usec = 0;
tv.tv_sec = req_timeout;
if (BIO_should_read(cbio) || BIO_should_io_special(cbio))
rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
else if (BIO_should_write(cbio))
rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
else
{
BIO_puts(err, "Unexpected retry condition\n");
goto err;
}
if (rv == 0)
{
BIO_puts(err, "Timeout on request\n");
break;
}
if (rv == -1)
{
BIO_puts(err, "Select error\n");
break;
}
}
err:
OCSP_REQ_CTX_free(ctx);
return rsp;
}
#endif #endif